changes saved (doesnt built)

2024-07-20 21:23:47 +02:00
parent 70b3d92fb1
commit dffd47fa94
11 changed files with 113 additions and 77 deletions
--- a/system-modules/hsmw.nix
+++ b/system-modules/hsmw.nix
@@ -1,24 +1,31 @@
 { pkgs, lib, host, secrets, ... }: 
 lib.mkIf (host != "NxACE") 
 {
-  environment.systemPackages = [
-    pkgs.strongswanNM
+  environment.systemPackages = with pkgs; [
+    strongswanNM
  ];
  
  environment.etc = {

-    # Easyroam 
-    "ssl/certs/easyroam_client_cert.pem".source = ../secrets/easyroam-hsmw/easyroam_client_cert.pem;
-    "ssl/certs/easyroam_root_ca.pem".source = ../secrets/easyroam-hsmw/easyroam_root_ca.pem;
-    "ssl/certs/easyroam_client_key.pem".source = ../secrets/easyroam-hsmw/easyroam_client_key.pem;
-    "NetworkManager/system-connections/eduroam.nmconnection" = {
-      text = secrets.easyroamHSMW.nmconfig; 
-      mode = "0600";
-    };
+  #   # Easyroam 
+  #   "ssl/certs/easyroam_client_cert.pem".source = ../secrets/easyroam-hsmw/easyroam_client_cert.pem;
+  #   "ssl/certs/easyroam_root_ca.pem".source = ../secrets/easyroam-hsmw/easyroam_root_ca.pem;
+  #   "ssl/certs/easyroam_client_key.pem".source = ../secrets/easyroam-hsmw/easyroam_client_key.pem;
+  #   "NetworkManager/system-connections/eduroam.nmconnection" = {
+  #     text = secrets.easyroamHSMW.nmconfig; 
+  #     mode = "0600";
+  #   };

-    "ipsec.d/hsmw.secrets".text = ''${secrets.email.hsmw.mail} : EAP "${secrets.email.hsmw.password}"'';
-    "ipsec.d/USERTrust-ECC.pem".source = ../secrets/vpn-hsmw/USERTrust-ECC-Certification-Authority.pem;
-    "ipsec.d/USERTrust-RSA.pem".source = ../secrets/vpn-hsmw/USERTrust-RSA-Certification-Authority.pem;
+    # "ipsec.d/hsmw.secrets".text = ''${secrets.email.hsmw.un}@hs-mittweida.de : EAP "megasecret"'';
+  #   "ipsec.d/USERTrust-ECC.pem".source = ../secrets/vpn-hsmw/USERTrust-ECC-Certification-Authority.pem;
+  #   "ipsec.d/USERTrust-RSA.pem".source = ../secrets/vpn-hsmw/USERTrust-RSA-Certification-Authority.pem;
+  };
+
+
+  sops.secrets = {
+    "USERTrust/ECC" = { path = "/etc/ipsec.d/USERTrust-ECC.pem"; };
+    "USERTrust/RSA" = { path = "/etc/ipsec.d/USERTrust-RSA.pem"; };
+    "hsmw-vpn-secret" = { path = "/etc/ipsec.d/hsmw.secret"; mode = "600"; };
  };
  
  networking.networkmanager.enableStrongSwan = true;
@@ -35,7 +42,7 @@ lib.mkIf (host != "NxACE")
          left = "%defaultroute";
          leftid = "%any";
          leftauth = "eap";
-          eap_identity = secrets.email.hsmw.mail;
+          eap_identity = "${secrets.email.hsmw.un}@hs-mittweida.de";
          leftsourceip = "%config";
          leftdns = "%config4";
          leftfirewall = "no";
@@ -73,7 +80,7 @@ lib.mkIf (host != "NxACE")
      "openssl"
      "resolve"
    ];
-    secrets = [ "/etc/ipsec.d/hsmw.secrets" ];
+    secrets = [ "/etc/ipsec.d/hsmw.secret" ];
    ca = {
      hsmw = {
        auto = "add";
--- a/system-modules/ollama.nix
+++ b/system-modules/ollama.nix
@@ -1,7 +1,7 @@
-{ pkgs, lib, host, nvidia, ... }: 
+{ pkgs, pkgs-unstable, lib, host, nvidia, ... }: 

 {
-  environment.systemPackages = with pkgs; [
+  environment.systemPackages = with pkgs-unstable; [
    ollama
  ];
  
@@ -41,6 +41,7 @@
  #   '';
  # };
  services.ollama = {
+    # package = pkgs-unstable.ollama;
    enable = true;
    acceleration = lib.mkIf nvidia.enable "cuda";
    listenAddress = if host == "NxACE" then "0.0.0.0:11434" else "127.0.0.1:11434";